The WannaCry ransomware attack has spread to 150 countries

Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new variations have begun to surface.

This morning, Europol director Rob Wainwright told the BBC that the cyberattack is “unprecedented in its scale,” and noted that it will likely continue as people return to work on Monday. While Microsoft took the unusual step of issuing a patch for Windows XP, the patch will only work if installed, and authorities have been warning businesses to ensure that their systems are updated.

The ransomware attack began on Friday afternoon, when it affected England’s National Health Service, prompted automaker Renault to idle factories in France, and hit many others. A 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware’s code. He told the BBC that another attack is likely coming soon, one that works around his fix.

Researchers have since discovered two new variations of the ransomware. One has been blocked with another domain name registration; the other variant has no kill switch but is only partially working.

The software exploits a security flaw in Windows XP, and once it infects a computer, it encrypts the files and spreads to other computers. Victims receive a demand for a payment of $300 in Bitcoin in order to regain access. However, despite the widespread nature of the attack, it’s believed that the perpetrators have only raised around $20,000 in payments.

Wainwright said that businesses should ensure that their systems are updated with the latest security patches to help prevent further infections and to slow the spread of the ransomware. He noted that Europol is working with the Federal Bureau of Investigation to try to discover the people behind the attack.

Comments

The software exploits a security flaw in Windows XP, and once it infects a computer

No. The security flaw is present in almost every Windows version, and it began to show up hours sooner. Here in Spain it hit Telefónica hard, for example, but Russia and Taiwan were especially affected in those first moments. A little more insight would be welcome. This is The Verge, please. Do your job.

Agreed, this is sloppy editing, please amend the article. While it’s true that Windows 10 is shipped with Windows Update turned on, and so it should be already patched, all Windows versions are vulnerable.

As it turns out, Microsoft has patched the exploit back in March. The infected systems were not running the latest updates… Always. Patch. Your. System.

There’s no other way around it, this is an always online world.

For anyone who has disabled Windows Update due to persistent malicious attempts to add or bundle telemetry services by Microsoft, you should know that Microsoft has made truly standalone versions of the fix for MS17-010 available for anything earlier than Windows 10. This Reddit post contains the relevant links. Re-enable the Windows Update service, install the fix, disable it again, and you are hardened against MS17-010 and can safely use SMB.

One wonders how many affected people are in this position after listening to people scaremongering about Windows patches.

You say that as if there aren’t consistent, legitimate issues with Microsoft updates…
They’ve gotten better at not breaking things with every update, but it’s still an issue. Very much so if you’re still on Windows XP (at least while they still updated it) or 7.

Same picture still

But yeah, I always force the companies I do work for to either move to a current OS if security is no longer being updated on older versions or take them completely off the internet. I went as far as building a new physical network for an embroidery company because their XP machines had software and drivers that they didn’t want to change, and took the old network offline.

If the data is very important, I set up snapshots for every day. IMO insane not to for cases just like this.

How does it infect my PC? Does it require me to open an email or run an exe file or something like that?

AFAIK no, it’s a worm, a sneaky little bastard and uses a backdoor to infect. (Correct me if I’m mistaken.)

Up to date Windows system essential to protect from ransomware
The latest worldwide massive WannaCry ransomware attack was a combination of several factors, but one of its main "features" was the exploitation of a security hole in Microsoft Windows that could have easily been fixed with a system update. So it is more important than ever to keep your Windows system up to date at all times in order to keep your organization from being attacked.
For many sophisticated IT professionals, WuInstall is the tool of choice to script, automate and control Windows Updates seamlessly. So they never miss an important security update while keeping the service interruption to the users at a minimum by, for example, running the patches remotely and at night.
https://wuinstall.com/
